I'm very new to remote mac management via the k1000. I just created a script via the Security Policy wizard, and have attached the correct (test) macbook air to the list of deployment machines. I'm recieveing this error in the logs. Any input would be greatly appreciated. Thanks!

 

Log for Mac ALF Settings on MacBookAir[ Show All ]


Started: 06/30/2013 14:05:55
Finished: 06/30/2013 14:05:55
Elapsed Time: 0 second
Status: 3

Output Log

File exists: /usr/libexec/ApplicationFirewall/socketfilterfw
File exists: /Library/Preferences/com.apple.alf.plist
Launched Process: PlistBuddy
Launched Process: PlistBuddy
Launched Process: PlistBuddy
ProcessOps_LaunchProgram: Launch failed: 1 exitCode=1

Activity Log

Checking if file exists: /usr/libexec/ApplicationFirewall/socketfilterfw
Checking if file exists: /Library/Preferences/com.apple.alf.plist
Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :globalstate 0' /Library/Preferences/com.apple.alf.plist' wait='true'
Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :loggingenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'
Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :stealthenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'
Launching program: '/usr/bin/killall' 'socketfilterfw' wait='true'
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

1

Okay, it looks like Kace is attempting to launch the plistbuddy process. From what i'm reading (and i cold be wrong) there is no plistbuddy in 10.8... hence the "Run Failure" that i keep seeing in the logs. 

Now, after testing, I am able to push this script to my 10.8 macbook air. Thanks for the effort and help jknox.

Answered 07/05/2013 by: dblaire@shutterfly.com
Senior White Belt

  • Sorry, hadn't had a chance to test it out yet. Submit a support ticket so a bug can be generated. Seems like a new script will need to be written.
Please log in to comment

Answers

0

What version of OS X is this running on? What version of the K1000 agent?

What options did you select for the firewall on the security policy?

Does it work if you execute the commands manually?

Enable debug, deploy the policy and see if the logs give you any further detail: http://www.kace.com/support/resources/kb/article/how-to-enable-debug-logs-on-the-kace-k1000-client-kbox-client-deployment

Answered 07/01/2013 by: jknox
Red Belt

  • OSX Version: 10.8.4
    K1000 Agent: 5.4.5315
    AMP Agent: 6

    Below is the Raw XML Data of the script
    ---------------------------------------------------------------
    <?xml version="1.0" encoding="utf-8" ?>
    <kbots xmlns="http://kace.com/Kbots.xsd">
    <kbot>

    <config name="Mac ALF Settings" type="policy" id="150" version="1372626269" description="Application Layer Firewall Settings (Created by the KACE Configurator)">

    <execute disconnected="true" logged_off="true">
    <event name="BOOTUP" />
    </execute>

    </config>

    <compliance>

    <verify on_failure="break" attempts="2">

    <file_exists path="/usr/libexec/ApplicationFirewall" file="socketfilterfw" />
    <file_exists path="/Library/Preferences" file="com.apple.alf.plist" />

    <on_verify_success>
    <launch_program path="/usr/libexec" program="PlistBuddy" wait="true" parms="-c 'Set :globalstate 0' /Library/Preferences/com.apple.alf.plist" />
    <launch_program path="/usr/libexec" program="PlistBuddy" wait="true" parms="-c 'Set :loggingenabled 0' /Library/Preferences/com.apple.alf.plist" />
    <launch_program path="/usr/libexec" program="PlistBuddy" wait="true" parms="-c 'Set :stealthenabled 0' /Library/Preferences/com.apple.alf.plist" />
    <launch_program path="/usr/bin" program="killall" wait="true" parms="socketfilterfw" />
    </on_verify_success>

    <on_verify_failure>
    <log_message type="status" message="Application Layer Firewall (10.5 and higher) not found." />

    <on_remediation_success>
    </on_remediation_success>

    <on_remediation_failure>
    </on_remediation_failure>

    </on_verify_failure>

    </verify>

    </compliance>

    </kbot>
    </kbots>
    -------------------------------------------------------------------
    • Did the debug logs show anything?
  • I dont see any obvious failures.


    Log for Application Layer Firewall Settings on MacBookAir [ Show All ]
    Started: 07/01/2013 14:15:35
    Finished: 07/01/2013 14:15:35
    Elapsed Time: 0 second
    Status: 3
    Output Log
    File exists: /usr/libexec/ApplicationFirewall/socketfilterfw
    File exists: /Library/Preferences/com.apple.alf.plist
    Launched Process: PlistBuddy
    Launched Process: PlistBuddy
    Launched Process: PlistBuddy
    ProcessOps_LaunchProgram: Launch failed: 1 exitCode=1
    Activity Log
    Checking if file exists: /usr/libexec/ApplicationFirewall/socketfilterfw
    Checking if file exists: /Library/Preferences/com.apple.alf.plist
    Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :globalstate 1' /Library/Preferences/com.apple.alf.plist' wait='true'
    Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :loggingenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'
    Launching program: '/usr/libexec/PlistBuddy' '-c 'Set :stealthenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'
    Launching program: '/usr/bin/killall' 'socketfilterfw' wait='true'
    Debug Log
    Running kbot: runkbot 150 1372713250
    Validating kbot xml
    Kbot xml /Library/Application Support/Dell/KACE/data/kbots_cache/150-1372713190_expanded.xml, Validation Success
    Kbot Config Info - Start
    id=150 name=Application Layer Firewall Settings version=1372713190 type=policy
    execute disconnected=true logged_off=true
    execute events BOOTUP
    Kbot Config Info - Finish
    runkbot ----- launching [command='/usr/libexec/PlistBuddy' parms='-c 'Set :globalstate 1' /Library/Preferences/com.apple.alf.plist' wait='true'] -----
    runkbot ----- completed [result=1 exitCode=0] -----
    runkbot ----- launching [command='/usr/libexec/PlistBuddy' parms='-c 'Set :loggingenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'] -----
    runkbot ----- completed [result=1 exitCode=0] -----
    runkbot ----- launching [command='/usr/libexec/PlistBuddy' parms='-c 'Set :stealthenabled 0' /Library/Preferences/com.apple.alf.plist' wait='true'] -----
    runkbot ----- completed [result=1 exitCode=0] -----
    runkbot ----- launching [command='/usr/bin/killall' parms='socketfilterfw' wait='true'] -----
    runkbot ----- completed [result=1 exitCode=1] -----
  • Is there any way this could be a permissions issue?

    Thanks,
    Doug
Please log in to comment
Answer this question or Comment on this question for clarity